You are viewing a plain text version of this content. The canonical link for it is here.

Posted to derby-dev@db.apache.org by "Rick Hillegas (JIRA)" <ji...@apache.org> on 2007/04/18 18:25:15 UTC

[jira] Created: (DERBY-2564) ContextService.notifyAllActiveThreads() needs a privileged block around the call to Thread.interrupt()

ContextService.notifyAllActiveThreads() needs a privileged block around the call to Thread.interrupt()
------------------------------------------------------------------------------------------------------

                 Key: DERBY-2564
                 URL: https://issues.apache.org/jira/browse/DERBY-2564
             Project: Derby
          Issue Type: Bug
          Components: Security
    Affects Versions: 10.2.2.0, 10.2.1.6, 10.1.3.1, 10.1.2.1, 10.1.1.0, 10.0.2.1, 10.0.2.0
            Reporter: Rick Hillegas


It looks to me as though the call to interrupt() can raise a SecurityException. I think this may give rise to another permission that we need to add to our template policy file and to our security documentation.

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.

[jira] Commented: (DERBY-2564) ContextService.notifyAllActiveThreads() needs a privileged block around the call to Thread.interrupt()

Posted by "Knut Anders Hatlen (JIRA)" <ji...@apache.org>.

    [ https://issues.apache.org/jira/browse/DERBY-2564?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#action_12542899 ] 

Knut Anders Hatlen commented on DERBY-2564:
-------------------------------------------

That doesn't mean we don't need to wrap the call in a privileged block, though. A SecurityManager implementation is free to override the checkAccess(Thread) method and perform stricter checks.

> ContextService.notifyAllActiveThreads() needs a privileged block around the call to Thread.interrupt()
> ------------------------------------------------------------------------------------------------------
>
>                 Key: DERBY-2564
>                 URL: https://issues.apache.org/jira/browse/DERBY-2564
>             Project: Derby
>          Issue Type: Bug
>          Components: Security
>    Affects Versions: 10.0.2.0, 10.0.2.1, 10.1.1.0, 10.1.2.1, 10.1.3.1, 10.2.1.6, 10.2.2.0
>            Reporter: Rick Hillegas
>
> It looks to me as though the call to interrupt() can raise a SecurityException. I think this may give rise to another permission that we need to add to our template policy file and to our security documentation.

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.

[jira] Commented: (DERBY-2564) ContextService.notifyAllActiveThreads() needs a privileged block around the call to Thread.interrupt()

Posted by "Kathey Marsden (JIRA)" <ji...@apache.org>.

    [ https://issues.apache.org/jira/browse/DERBY-2564?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#action_12542909 ] 

Kathey Marsden commented on DERBY-2564:
---------------------------------------

So I guess in summary we do need a privilege block, but we don't need to modify our template policy file for this issue.  Is that correct?


> ContextService.notifyAllActiveThreads() needs a privileged block around the call to Thread.interrupt()
> ------------------------------------------------------------------------------------------------------
>
>                 Key: DERBY-2564
>                 URL: https://issues.apache.org/jira/browse/DERBY-2564
>             Project: Derby
>          Issue Type: Bug
>          Components: Security
>    Affects Versions: 10.0.2.0, 10.0.2.1, 10.1.1.0, 10.1.2.1, 10.1.3.1, 10.2.1.6, 10.2.2.0
>            Reporter: Rick Hillegas
>
> It looks to me as though the call to interrupt() can raise a SecurityException. I think this may give rise to another permission that we need to add to our template policy file and to our security documentation.

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.

[jira] Updated: (DERBY-2564) ContextService.notifyAllActiveThreads() needs a privileged block around the call to Thread.interrupt()

Posted by "Kathey Marsden (JIRA)" <ji...@apache.org>.

     [ https://issues.apache.org/jira/browse/DERBY-2564?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Kathey Marsden updated DERBY-2564:
----------------------------------

    Derby Info: [Patch Available]

> ContextService.notifyAllActiveThreads() needs a privileged block around the call to Thread.interrupt()
> ------------------------------------------------------------------------------------------------------
>
>                 Key: DERBY-2564
>                 URL: https://issues.apache.org/jira/browse/DERBY-2564
>             Project: Derby
>          Issue Type: Bug
>          Components: Security
>    Affects Versions: 10.0.2.0, 10.0.2.1, 10.1.1.0, 10.1.2.1, 10.1.3.1, 10.2.1.6, 10.2.2.0
>            Reporter: Rick Hillegas
>            Assignee: Kathey Marsden
>         Attachments: derby-2564_diff.txt, derby-2564_stat.txt
>
>
> It looks to me as though the call to interrupt() can raise a SecurityException. I think this may give rise to another permission that we need to add to our template policy file and to our security documentation.

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.

[jira] Updated: (DERBY-2564) ContextService.notifyAllActiveThreads() needs a privileged block around the call to Thread.interrupt()

Posted by "Kathey Marsden (JIRA)" <ji...@apache.org>.

     [ https://issues.apache.org/jira/browse/DERBY-2564?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Kathey Marsden updated DERBY-2564:
----------------------------------

    Attachment: derby-2564_stat.txt
                derby-2564_diff.txt

Attached is a patch for this issue. suites.All passed, derbyall is finishing up. It does not have the network server changes Knut suggested. I will make those changes and check them in as a separate commit.

I wanted to check on the exception handling for the change. I just am letting the Security exception if any be thrown.  I can't test for that case so I want to make sure that is the right thing to do.

Thanks

Kathey




> ContextService.notifyAllActiveThreads() needs a privileged block around the call to Thread.interrupt()
> ------------------------------------------------------------------------------------------------------
>
>                 Key: DERBY-2564
>                 URL: https://issues.apache.org/jira/browse/DERBY-2564
>             Project: Derby
>          Issue Type: Bug
>          Components: Security
>    Affects Versions: 10.0.2.0, 10.0.2.1, 10.1.1.0, 10.1.2.1, 10.1.3.1, 10.2.1.6, 10.2.2.0
>            Reporter: Rick Hillegas
>            Assignee: Kathey Marsden
>         Attachments: derby-2564_diff.txt, derby-2564_stat.txt
>
>
> It looks to me as though the call to interrupt() can raise a SecurityException. I think this may give rise to another permission that we need to add to our template policy file and to our security documentation.

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.

[jira] Commented: (DERBY-2564) ContextService.notifyAllActiveThreads() needs a privileged block around the call to Thread.interrupt()

Posted by "Kathey Marsden (JIRA)" <ji...@apache.org>.

    [ https://issues.apache.org/jira/browse/DERBY-2564?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#action_12542853 ] 

Kathey Marsden commented on DERBY-2564:
---------------------------------------

I noticed looking at code coverage that this code is indeed covered by our tests, but  presumably some test that does not run under security manager. Does anyone have an idea what test is covering this code?


> ContextService.notifyAllActiveThreads() needs a privileged block around the call to Thread.interrupt()
> ------------------------------------------------------------------------------------------------------
>
>                 Key: DERBY-2564
>                 URL: https://issues.apache.org/jira/browse/DERBY-2564
>             Project: Derby
>          Issue Type: Bug
>          Components: Security
>    Affects Versions: 10.0.2.0, 10.0.2.1, 10.1.1.0, 10.1.2.1, 10.1.3.1, 10.2.1.6, 10.2.2.0
>            Reporter: Rick Hillegas
>
> It looks to me as though the call to interrupt() can raise a SecurityException. I think this may give rise to another permission that we need to add to our template policy file and to our security documentation.

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.

[jira] Assigned: (DERBY-2564) ContextService.notifyAllActiveThreads() needs a privileged block around the call to Thread.interrupt()

Posted by "Kathey Marsden (JIRA)" <ji...@apache.org>.

     [ https://issues.apache.org/jira/browse/DERBY-2564?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Kathey Marsden reassigned DERBY-2564:
-------------------------------------

    Assignee: Kathey Marsden

> ContextService.notifyAllActiveThreads() needs a privileged block around the call to Thread.interrupt()
> ------------------------------------------------------------------------------------------------------
>
>                 Key: DERBY-2564
>                 URL: https://issues.apache.org/jira/browse/DERBY-2564
>             Project: Derby
>          Issue Type: Bug
>          Components: Security
>    Affects Versions: 10.0.2.0, 10.0.2.1, 10.1.1.0, 10.1.2.1, 10.1.3.1, 10.2.1.6, 10.2.2.0
>            Reporter: Rick Hillegas
>            Assignee: Kathey Marsden
>
> It looks to me as though the call to interrupt() can raise a SecurityException. I think this may give rise to another permission that we need to add to our template policy file and to our security documentation.

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.

[jira] Closed: (DERBY-2564) ContextService.notifyAllActiveThreads() and network server code need a privileged block around the calls to Thread.interrupt()

Posted by "Kathey Marsden (JIRA)" <ji...@apache.org>.

     [ https://issues.apache.org/jira/browse/DERBY-2564?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Kathey Marsden closed DERBY-2564.
---------------------------------

       Resolution: Fixed
    Fix Version/s: 10.4.0.0
                   10.3.1.5

> ContextService.notifyAllActiveThreads()  and network server code need a privileged block around the calls to Thread.interrupt()
> -------------------------------------------------------------------------------------------------------------------------------
>
>                 Key: DERBY-2564
>                 URL: https://issues.apache.org/jira/browse/DERBY-2564
>             Project: Derby
>          Issue Type: Bug
>          Components: Security
>    Affects Versions: 10.0.2.0, 10.0.2.1, 10.1.1.0, 10.1.2.1, 10.1.3.1, 10.2.1.6, 10.2.2.0
>            Reporter: Rick Hillegas
>            Assignee: Kathey Marsden
>             Fix For: 10.3.1.5, 10.4.0.0
>
>         Attachments: derby-2564_diff.txt, derby-2564_stat.txt
>
>
> It looks to me as though the call to interrupt() can raise a SecurityException. I think this may give rise to another permission that we need to add to our template policy file and to our security documentation.

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.

[jira] Commented: (DERBY-2564) ContextService.notifyAllActiveThreads() needs a privileged block around the call to Thread.interrupt()

Posted by "Knut Anders Hatlen (JIRA)" <ji...@apache.org>.

    [ https://issues.apache.org/jira/browse/DERBY-2564?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#action_12542897 ] 

Knut Anders Hatlen commented on DERBY-2564:
-------------------------------------------

Thread.interrupt() calls Thread.checkAccess() which calls
SecurityManager.checkAccess(Thread).

http://java.sun.com/javase/6/docs/api/java/lang/SecurityManager.html#checkAccess(java.lang.Thread) says:

> If the thread argument is a system thread (belongs to the thread
> group with a null parent) then this method calls checkPermission
> with the RuntimePermission("modifyThread") permission. If the thread
> argument is not a system thread, this method just returns silently.

My guess is that none of Derby's threads are system threads, and
therefore no permissions are needed with a default security manager.

> ContextService.notifyAllActiveThreads() needs a privileged block around the call to Thread.interrupt()
> ------------------------------------------------------------------------------------------------------
>
>                 Key: DERBY-2564
>                 URL: https://issues.apache.org/jira/browse/DERBY-2564
>             Project: Derby
>          Issue Type: Bug
>          Components: Security
>    Affects Versions: 10.0.2.0, 10.0.2.1, 10.1.1.0, 10.1.2.1, 10.1.3.1, 10.2.1.6, 10.2.2.0
>            Reporter: Rick Hillegas
>
> It looks to me as though the call to interrupt() can raise a SecurityException. I think this may give rise to another permission that we need to add to our template policy file and to our security documentation.

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.

[jira] Updated: (DERBY-2564) ContextService.notifyAllActiveThreads() and network server code need a privileged block around the calls to Thread.interrupt()

Posted by "Kathey Marsden (JIRA)" <ji...@apache.org>.

     [ https://issues.apache.org/jira/browse/DERBY-2564?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Kathey Marsden updated DERBY-2564:
----------------------------------

    Derby Info:   (was: [Patch Available])

> ContextService.notifyAllActiveThreads()  and network server code need a privileged block around the calls to Thread.interrupt()
> -------------------------------------------------------------------------------------------------------------------------------
>
>                 Key: DERBY-2564
>                 URL: https://issues.apache.org/jira/browse/DERBY-2564
>             Project: Derby
>          Issue Type: Bug
>          Components: Security
>    Affects Versions: 10.0.2.0, 10.0.2.1, 10.1.1.0, 10.1.2.1, 10.1.3.1, 10.2.1.6, 10.2.2.0
>            Reporter: Rick Hillegas
>            Assignee: Kathey Marsden
>         Attachments: derby-2564_diff.txt, derby-2564_stat.txt
>
>
> It looks to me as though the call to interrupt() can raise a SecurityException. I think this may give rise to another permission that we need to add to our template policy file and to our security documentation.

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.

[jira] Commented: (DERBY-2564) ContextService.notifyAllActiveThreads() needs a privileged block around the call to Thread.interrupt()

Posted by "Knut Anders Hatlen (JIRA)" <ji...@apache.org>.

    [ https://issues.apache.org/jira/browse/DERBY-2564?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#action_12542989 ] 

Knut Anders Hatlen commented on DERBY-2564:
-------------------------------------------

Yes, that's my understanding. Thread.interrupt() is also called from NetworkServerControlImpl (three times) and DRDAServerStarter (once). We should probably fix those calls as well while we're at it.

> ContextService.notifyAllActiveThreads() needs a privileged block around the call to Thread.interrupt()
> ------------------------------------------------------------------------------------------------------
>
>                 Key: DERBY-2564
>                 URL: https://issues.apache.org/jira/browse/DERBY-2564
>             Project: Derby
>          Issue Type: Bug
>          Components: Security
>    Affects Versions: 10.0.2.0, 10.0.2.1, 10.1.1.0, 10.1.2.1, 10.1.3.1, 10.2.1.6, 10.2.2.0
>            Reporter: Rick Hillegas
>            Assignee: Kathey Marsden
>
> It looks to me as though the call to interrupt() can raise a SecurityException. I think this may give rise to another permission that we need to add to our template policy file and to our security documentation.

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.

[jira] Updated: (DERBY-2564) ContextService.notifyAllActiveThreads() and network server code need a privileged block around the calls to Thread.interrupt()

Posted by "Kathey Marsden (JIRA)" <ji...@apache.org>.

     [ https://issues.apache.org/jira/browse/DERBY-2564?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Kathey Marsden updated DERBY-2564:
----------------------------------

    Summary: ContextService.notifyAllActiveThreads()  and network server code need a privileged block around the calls to Thread.interrupt()  (was: ContextService.notifyAllActiveThreads() needs a privileged block around the call to Thread.interrupt())

> ContextService.notifyAllActiveThreads()  and network server code need a privileged block around the calls to Thread.interrupt()
> -------------------------------------------------------------------------------------------------------------------------------
>
>                 Key: DERBY-2564
>                 URL: https://issues.apache.org/jira/browse/DERBY-2564
>             Project: Derby
>          Issue Type: Bug
>          Components: Security
>    Affects Versions: 10.0.2.0, 10.0.2.1, 10.1.1.0, 10.1.2.1, 10.1.3.1, 10.2.1.6, 10.2.2.0
>            Reporter: Rick Hillegas
>            Assignee: Kathey Marsden
>         Attachments: derby-2564_diff.txt, derby-2564_stat.txt
>
>
> It looks to me as though the call to interrupt() can raise a SecurityException. I think this may give rise to another permission that we need to add to our template policy file and to our security documentation.

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.

[jira] Commented: (DERBY-2564) ContextService.notifyAllActiveThreads() needs a privileged block around the call to Thread.interrupt()

Posted by "Knut Anders Hatlen (JIRA)" <ji...@apache.org>.

    [ https://issues.apache.org/jira/browse/DERBY-2564?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#action_12543172 ] 

Knut Anders Hatlen commented on DERBY-2564:
-------------------------------------------

The patch looks good! Letting the exception propagate out to the caller is the correct thing to do, so that should be fine. Since SecurityException is a RuntimeException, you could even skip the "throws SecurityException" part. Two of the imports are unused, by the way (Policy and PrivilegedActionException). Other than that, +1 to commit.

> ContextService.notifyAllActiveThreads() needs a privileged block around the call to Thread.interrupt()
> ------------------------------------------------------------------------------------------------------
>
>                 Key: DERBY-2564
>                 URL: https://issues.apache.org/jira/browse/DERBY-2564
>             Project: Derby
>          Issue Type: Bug
>          Components: Security
>    Affects Versions: 10.0.2.0, 10.0.2.1, 10.1.1.0, 10.1.2.1, 10.1.3.1, 10.2.1.6, 10.2.2.0
>            Reporter: Rick Hillegas
>            Assignee: Kathey Marsden
>         Attachments: derby-2564_diff.txt, derby-2564_stat.txt
>
>
> It looks to me as though the call to interrupt() can raise a SecurityException. I think this may give rise to another permission that we need to add to our template policy file and to our security documentation.

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.